[dns-operations] new public DNS service: 9.9.9.9

Damian Menscher damian at google.com
Mon Nov 20 12:08:15 UTC 2017


On Mon, Nov 20, 2017 at 3:47 AM, Florian Weimer <fweimer at redhat.com> wrote:

> On 11/18/2017 09:11 AM, Damian Menscher wrote:
>
>> Your argument that you don't trust the ISPs between you and
>> Google/OpenDNS/Quad9, and therefore run your own local recursive resolver,
>> confuses me.  After all, your local recursive needs to query third-party
>> authoritative servers anyway.
>>
>> To convince yourself, answer these two questions:
>>    - How many ISPs are between you and 8.8.8.8?  I'm on Comcast, and they
>> have direct peering with Google, so the number is zero.
>>
>
> 8.8.8.8 is increasingly seen as an anycast service address for DNS
> unrelated to Google, similar to how you download the SSH keys for root
> login from 169.254.169.254 or instance-data.  I expect that many ISPs route
> 8.8.8.8 to their own servers.
>

Unlike 169.254/16 which is defined by RFC to be link-local, 8.8.8.0/24 has
been allocated to Google.

If you identify instances of BGP hijacking please report either privately
to the victim (Google in your example) or publicly to the nanog mailing
list, so corrective action can be taken.

Damian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20171120/de5498db/attachment.html>


More information about the dns-operations mailing list